Re: pg_ident.hba on a single-user, multi-app machine

From: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
To: Matt Silverlock <matt(at)eatsleeprepeat(dot)net>, pgsql-general(at)postgresql(dot)org
Subject: Re: pg_ident.hba on a single-user, multi-app machine
Date: 2014-08-16 20:47:24
Message-ID: 53EFC35C.8010806@aklaver.com
Lists: pgsql-general

On 08/16/2014 07:47 AM, Matt Silverlock wrote:
> Hi all.
>
> Trying to rationalise my pg_hba.conf and pg_ident.conf configuration on
> a Debian/Ubuntu machine where:
>
> * One primary application user (“deploy”) runs web applications
> * postgres, nginx, et al. run under their own users
> * Using a Unix socket for connecting to PostgreSQL on the same machine
> (if I split the machines up at some point in the future, I’ll just run
> TCP + SSL w/ strict IP filtering)
>
> At the moment I’m using the following approach, where each database user
> (unique per application) only has permissions for its own database.
> Users are mapped to the “deploy” user so that peer authentication can work.

>
> What are the outstanding risks here? The only ‘likely’ scenario (short
> of the box itself being compromised) is if the app is compromised/flawed
> (i.e. some uncaught SQLi vuln in a lib) then it can drop its own tables,
> but not the tables of any other application running under the same OS user.
>
> (Heck, can you even have multiple applications talking to the same Unix
> socket?)

Yes. Here is a good description of how:

http://stackoverflow.com/questions/9644251/how-do-unix-domain-sockets-differentiate-between-multiple-clients

>
> Thanks in advance.

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
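
As an added illustration of the point above (not part of the original message, and not PostgreSQL code): each `accept()` on a listening Unix socket returns a separate connection, and on Linux the kernel reports the connecting process's uid through `SO_PEERCRED`, which is the kind of OS-level identity peer authentication relies on. The socket path and the `app0`/`app1` payloads are constructed for the demo; because both clients run under one OS user, the reported uid is identical for both.

```python
import os
import socket
import struct
import tempfile

UCRED = "iII"  # struct ucred on Linux: pid_t pid, uid_t uid, gid_t gid


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process at the other end of a Unix socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(UCRED))
    return struct.unpack(UCRED, raw)


def demo(n_clients=2):
    """Connect n clients to one listening socket and describe each connection."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.sock")  # constructed path for the demo
        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(path)
        server.listen(n_clients)
        pairs = []
        for _ in range(n_clients):
            client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            client.connect(path)       # queued in the listen backlog
            conn, _ = server.accept()  # server gets a new socket per client
            pairs.append((client, conn))
        for i, (client, conn) in enumerate(pairs):
            client.sendall(f"app{i}".encode())
            _pid, uid, _gid = peer_credentials(conn)
            results.append({"fileno": conn.fileno(),
                            "data": conn.recv(16).decode(),
                            "uid": uid})
        for client, conn in pairs:
            client.close()
            conn.close()
        server.close()
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The traffic of the two clients never mixes, but the uid is the only thing the server learns about who connected, so applications sharing one OS user are not distinguished by it.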
